Re: [PATCH] arch_check_bp_in_kernelspace: fix the range check

From: Oleg Nesterov
Date: Tue Nov 20 2012 - 10:47:54 EST

Next message: Tilman Schmidt: "Re: possible regression in kernel 3.6: system hangs during nightlytape backup"
Previous message: Andy Whitcroft: "Re: [PATCH v2] checkpatch: add double empty line check"
In reply to: u3557: "Re: [PATCH] arch_check_bp_in_kernelspace: fix the range check"
Next in thread: Steven Rostedt: "Re: [PATCH] arch_check_bp_in_kernelspace: fix the range check"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 11/19, Steven Rostedt wrote:
>
> On Mon, 2012-11-19 at 18:47 +0100, Oleg Nesterov wrote:
> >
> > Just I think Amnon has a point, shouldn't we change this change like below?
> > (on top of this fixlet).
> >
> > Oleg.
> >
> > --- x/arch/x86/kernel/hw_breakpoint.c
> > +++ x/arch/x86/kernel/hw_breakpoint.c
> > @@ -188,6 +188,11 @@ static int get_hbp_len(u8 hbp_len)
> > return len_in_bytes;
> > }
> >
> > +static inline bool bp_in_gate(unsigned long start, unsigned long end)
> > +{
> > + return in_gate_area_no_mm(start) && in_gate_area_no_mm(end);
> > +}
> > +
> > /*
> > * Check for virtual address in kernel space.
> > */
> > @@ -200,7 +205,8 @@ int arch_check_bp_in_kernelspace(struct
> > va = info->address;
> > len = get_hbp_len(info->len);
> >
> > - return (va >= TASK_SIZE) || ((va + len - 1) >= TASK_SIZE);
> > + return ((va >= TASK_SIZE) || ((va + len - 1) >= TASK_SIZE)) &&
> > + !bp_in_gate(va, va + len - 1);
>
> So we want to allow non privileged to add a breakpoint in a vsyscall
> area even if it happens to lay in kernel space?

Yes,

> Is this really what we want?

I am not sure, that is why I am asking.

Hmm... I have to admit, I didn't even know this code was completely
rewritten, and a long ago... and in the default mode it works via
emulate_vsyscall() from page-fault, iow not in user_mode().

> I mean, isn't syscall tracing in the kernel
> done by a flag set to the task's structure. If the task has a flag set,
> then it does the slow (ptrace) path which handles the breakpoint for the
> user.

Well yes, with the new implementation __vsyscall_page simply does
syscall, so I guess (say) strace will "just work". But, afaics, only
if vsyscall_mode == NATIVE.

So perhaps bp in vsyscall_page still makes sense...

> But here, there's no prejudice between tasks. All tasks will now hit the
> breakpoint regardless of if it is being traced or not.
^^^^^^^^^^

This is hardware breakpoint, it is per-task.

Oleg.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Tilman Schmidt: "Re: possible regression in kernel 3.6: system hangs during nightlytape backup"
Previous message: Andy Whitcroft: "Re: [PATCH v2] checkpatch: add double empty line check"
In reply to: u3557: "Re: [PATCH] arch_check_bp_in_kernelspace: fix the range check"
Next in thread: Steven Rostedt: "Re: [PATCH] arch_check_bp_in_kernelspace: fix the range check"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]